External risk intelligence

NVIDIA TensorRT Untrusted Data Deserialization Vulnerability Leading to Code Execution

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2026-24227

NVIDIA TensorRT is a software development library used for high-performance deep learning inference optimization. It is typically integrated into local applications, build pipelines, or internal development environments rather than being deployed as an internet-facing service or edge gateway.

Deserialization

Nvidia Tensorrt

before 11.0

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A vulnerability in NVIDIA TensorRT could allow an attacker to execute code by tricking the software into processing untrusted data. While the potential for code execution is severe, its practical impact depends on whether the affected TensorRT software is exposed in a way that an external attacker could exploit it.

  • Untrusted data can cause code execution.
  • Confirm relevance for critical code execution risk.
  • Assess exposure to manage potential impact.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this vulnerability by providing untrusted data to NVIDIA TensorRT, which then attempts to deserialize it. This process could allow the attacker to achieve code execution on the affected system.

  • Network exposure, no privileges needed.
  • Deserializing untrusted data.
  • Leads to code execution.

Live Threat

Current exploitation, exposure, and threat context

A vulnerability in NVIDIA TensorRT could allow an attacker to execute code by sending specially crafted data. This could affect systems running TensorRT when processing untrusted data.

  • Code execution is a risk.
  • Untrusted data can cause exposure.
  • System integrity may be compromised.

Operational Fix

Recommended remediation, mitigation, and detection steps

For this vulnerability in NVIDIA TensorRT, application owners and platform teams are likely responsible for managing the affected technology, as it's typically integrated into development pipelines and applications. The immediate first step is to identify all instances of TensorRT within the environment, determine their business criticality, and locate the accountable owner before planning remediation.

  • Identify affected TensorRT instances and owners.
  • Verify reachability and business criticality.
  • Plan remediation based on assessed risk.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is NVIDIA TensorRT?

NVIDIA TensorRT is a software development library designed to optimize deep learning models for high-performance inference. It is used by developers to accelerate the execution of neural networks on NVIDIA hardware. Because it acts as an engine for processing complex data models, it is frequently embedded within custom applications, machine learning pipelines, and internal model deployment environments rather than running as a standalone web server.

What does CVE-2026-24227 mean by deserialization?

This vulnerability involves the class of weakness known as Deserialization of Untrusted Data (CWE-502). In simple terms, deserialization is the process of converting stored or transmitted data back into a usable software object. If the software trusts this data without proper validation, an attacker can craft malicious input that forces the application to perform unauthorized actions, potentially leading to full code execution.

How is this vulnerability triggered?

The bug is triggered when the affected TensorRT component processes specially crafted, untrusted data. It does not occur through normal usage of legitimate, verified model files or standard library operations. An attacker must be able to inject their own data into the inference or processing pipeline for the vulnerability to be successfully weaponized.

Is my system at risk from CVE-2026-24227?

Halo Surface Signal indicates that active exploitation is very unlikely for most environments. This is because TensorRT is typically integrated into internal development tools or local application code, rather than functioning as an internet-facing service or edge gateway. You should prioritize assessing systems where TensorRT processes data originating directly from external, untrusted network sources.

What should I do if I use NVIDIA TensorRT?

Start by identifying all software instances within your environment that include the TensorRT library. Since this is a developer-focused tool, coordinate with your application engineering and platform teams to confirm how these instances handle incoming data. Once you have an inventory, assess the business criticality of those specific services to determine your timeline for applying available vendor updates.

References